1. Â The conformance model is all screwy: it mixes conformance criteria
for too many products (including ones on which were it makes no sense,
like signature documents). The conformance criteria makes the spec
really hard to write test for. Only two classes of products should be
allowed to conform: signers and validators.

2. The spec requires zip-relative-paths to be URL encoded during
signing. I think this is an oversight, specially because during
signature validation it does not say that the paths be decoded. URL
Encoded of paths should be removed from the spec, IMO. Zip-relative
paths are supposed to be URI safe, hence should not require URL
Encoding (and when they violate URI's path rule, they should be
treated as invalid widgets anyway as per the P&C spec).

3. The document is full of editorial redundancies (about 100+). It is
also badly structured, with behavioral conformance criteria mixed in
with definitions and support requirements (making the spec really hard
to follow).

In the interest of saving time, I have created a new version of the
spec that addresses all the issues above:

http://dev.w3.org/2006/waf/widgets-digsig/

To compare my draft with latest WG endorsed editorial draft:

http://tinyurl.com/26bxclc

In addition, the new draft has the advantage of being fully testable
and written using the method defined in [1] (meaning we can plug in
WebApps test suite creation infrastructure, which assures that all
conformance requirements in the spec will get tested!).

I encourage the working group to adopt my modified version once it has
been reviewed. Aside from the URL Encoding thing, the modified version
does not change the behavior existing implementations: it just makes
it much more clear what each kind of product needs to do to conform.